Build Release #50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Release | |
| on: | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| push: | |
| branches: [main] | |
| schedule: | |
| - cron: "23 23 * * 0" | |
| jobs: | |
| build: | |
| permissions: | |
| issues: write | |
| pull-requests: write | |
| security-events: write | |
| contents: read | |
| id-token: write | |
| actions: read | |
| runs-on: ubuntu-latest | |
| env: | |
| ENDOR_NAMESPACE: "endorlabs-hearts-github" | |
| steps: | |
| - name: Clone Repo | |
| uses: actions/checkout@v3 | |
| - name: Setup JDK with Maven | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: microsoft | |
| java-version: 17 | |
| - name: Build release package | |
| run: mvn -B clean install | |
| - name: Endor Labs Scan | |
| if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} | |
| uses: endorlabs/github-action@v1 | |
| with: | |
| namespace: ${{ env.ENDOR_NAMESPACE }} | |
| pr: "false" | |
| sarif_file: endor-labs.sarif | |
| - name: Endor Labs Scan PR to Default Branch | |
| if: github.event_name == 'pull_request' | |
| uses: endorlabs/github-action@v1 | |
| with: | |
| namespace: ${{ env.ENDOR_NAMESPACE }} | |
| pr: true | |
| enable_pr_comments: true | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| sarif_file: endor-labs.sarif | |
| - name: Upload SARIF to github | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: endor-labs.sarif | |
| - name: Dockerize | |
| id: dockerbuild | |
| if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| docker build . -t endorlabs/hearts_github | |
| echo "image_id=endorlabs/hearts_github@$(docker inspect --format {{.ID}} endorlabs/hearts_github)" >> "$GITHUB_OUTPUT" | |
| - name: Sign Docker Image with Endor Labs | |
| if: ${{ steps.dockerbuild.outcome == 'success' }} | |
| uses: endorlabs/github-action/sign@main | |
| with: | |
| namespace: ${{ env.ENDOR_NAMESPACE }} | |
| artifact_name: ${{ steps.dockerbuild.outputs.image_id }} | |
| # PUBLISH IMAGE HERE -- avoiding due to demo repo | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: endorlabs-java-webapp-demo | |
| path: | | |
| target/endor-java-webapp-demo.jar | |